Again with additional info: Problem trying to create 'pass through'with PuTTY and Dropbear - openssh

This is a discussion on Again with additional info: Problem trying to create 'pass through'with PuTTY and Dropbear - openssh ; Hello, I already posted this problem before, but haven't had any response so far.. I added some details and additional information and tried to make it more clear to you. Maybe, this time someone can help me out or at ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Again with additional info: Problem trying to create 'pass through'with PuTTY and Dropbear

  1. Again with additional info: Problem trying to create 'pass through'with PuTTY and Dropbear


    Hello,

    I already posted this problem before, but haven't had any response so far..
    I added some details and additional information and tried to make it more clear to you.
    Maybe, this time someone can help me out or at least give some hints or feedback?

    The problem:

    I'm trying to do the following:
    I have a couple of 'client' pc's that are behind routers. I want to be
    able to connect to them (using VNC) from anywhere when needed without
    having to open up ports on the routers. Therefore, the connection needs to be initiated from the client side (thus from behind the routers).
    My plan is to let those clients set up and keep open an SSH connection
    to a server on the Internet that I have access to (running Dropbear as
    an SSH server).
    The clients I want to take over, are running a startup script creating
    the connection and keeping it open. Over the connection, a tunnel is
    then created from client port X, to server port Y. From my PC I then
    create an SSH connection to the server and create a tunnel from PC
    port Z to server port Y.

    I'm currently testing this setup on my LAN using PuTTY on two Windows pc's (one acting as the server and one acting as the client) and a Linux
    server (S) running Dropbear. One pc
    (A) is running VNC Server. The other PC (B) is running the vnc viewer.
    I use PuTTY to create an SSH connection from PC A to the server (S) and
    create a *remote* forward from server port 10001 to PC A, port 5900 (this
    is where ultra VNC is listening).
    Then, I use PuTTY to create an SSH connection from PC B to the server (S)and create a *local* forward from PC B, port 5900 to server port 10001.

    After this, I start Ultra VNC viewer on PC B and connect it to '::5900'.
    Now, I'm getting the following connection error: "Connection failed - Error reading Protocol Version".
    I have tried Putty 0.58 and 0.60. Using both versions gives the same error message in Ultra VNC.

    I have no problems connecting directly from PC B to PC A ('::
    5900').

    To make sure it isn't an Ultra VNC problem, I set up the same tunnels (but using port 23 instead of 5900) and then used telnet to connect from one host to the running telnet server on the other host.
    The screen goes black (dosprompt under Windows XP) until I press a key, then I get back my prompt. Nothing happens.
    I also used Wireshark (network sniffer) on the server side and no packets were captured (not even in promiscious mode).

    Is my set-up technically possible? So should I be able to set up those tunnels as a kind of 'pass-through' mechanism?

    Does anyone have a clue about what I'm doing wrong or forgot to do?

    Kind regards,
    Rik.
    __________________________________________________ _______________
    Express yourself instantly with MSN Messenger! Download today it's FREE!
    http://messenger.msn.click-url.com/g...ave/direct/01/

  2. RE: Again with additional info: Problem trying to create 'passthrough' with PuTTY and Dropbear


    Hi Eric and the rest,

    Thanks for your thoughts!

    I understand your way of thinking, and it even makes me doubt my solutiona bit.
    Indeed, you could wonder how VNC server on PC A can listen on port 5900 while PuTTY is also using that port for communicating with the Dropbear server.

    I hope and think that the way a tunnel is implemented in general, is in some way transparent to the operating system.
    So I think that for a 'remote port forward', PuTTY isn't really listeningon the local port that you have configured, but only makes sure in some way that the unencrypted traffic is delivered to that port number.

    Anyone else?

    Kind regards,
    Rik.


    > Subject: RE: Again with additional info: Problem trying to create 'pass through' with PuTTY and Dropbear
    > Date: Thu, 18 Sep 2008 16:43:00 -0400
    > From: Eric.S@aefcu.com
    > To: rikrik31@hotmail.com
    >
    > I am by no means an expert at any of this, and I have no knowledge of
    > Dropbear so please forgive me as I ask a few questions and possibly get
    > you thinking in a different way.
    >
    > If PC A :5900 <-- Server 10001 using Dropbear (?), what is answering on
    > PC A; what application, VNC? If the VNC port 5900 is already in a
    > conversation with Dropbear or PuTTY or something else between PC A and
    > the Server, how can VNC answer when PC B calls? In the same respect,
    > how can PC B transmit on 5900, if it is also talking to the server from
    > its 5900 to the server 10001? How does Dropbear know to forward a
    > packets from PC B to PC A though the PuTTY SSH link?
    >
    > If I am completely missing the picture, please let me know and I will be
    > happy to step aside and let someone more knowledgeable help.
    >
    > Good Luck!
    >
    > -Eric.
    >
    >> -----Original Message-----
    >> From: listbounce@securityfocus.com

    > [mailto:listbounce@securityfocus.com]
    >> On Behalf Of Rik Hennema
    >> Sent: Thursday, September 18, 2008 3:43 PM
    >> To: secureshell@securityfocus.com
    >> Subject: Again with additional info: Problem trying to create 'pass

    > through'
    >> with PuTTY and Dropbear
    >>
    >>
    >> Hello,
    >>
    >> I already posted this problem before, but haven't had any response so

    > far.
    >> I added some details and additional information and tried to make it

    > more
    >> clear to you.
    >> Maybe, this time someone can help me out or at least give some hints

    > or
    >> feedback?
    >>
    >> The problem:
    >>
    >> I'm trying to do the following:
    >> I have a couple of 'client' pc's that are behind routers. I want to be
    >> able to connect to them (using VNC) from anywhere when needed without
    >> having to open up ports on the routers. Therefore, the connection

    > needs to be
    >> initiated from the client side (thus from behind the routers).
    >> My plan is to let those clients set up and keep open an SSH connection
    >> to a server on the Internet that I have access to (running Dropbear as
    >> an SSH server).
    >> The clients I want to take over, are running a startup script creating
    >> the connection and keeping it open. Over the connection, a tunnel is
    >> then created from client port X, to server port Y. From my PC I then
    >> create an SSH connection to the server and create a tunnel from PC
    >> port Z to server port Y.
    >>
    >> I'm currently testing this setup on my LAN using PuTTY on two Windows

    > pc's
    >> (one acting as the server and one acting as the client) and a Linux
    >> server (S) running Dropbear. One pc
    >> (A) is running VNC Server. The other PC (B) is running the vnc viewer.
    >> I use PuTTY to create an SSH connection from PC A to the server (S)

    > and
    >> create a *remote* forward from server port 10001 to PC A, port 5900

    > (this
    >> is where ultra VNC is listening).
    >> Then, I use PuTTY to create an SSH connection from PC B to the server

    > (S)
    >> and create a *local* forward from PC B, port 5900 to server port

    > 10001.
    >>
    >> After this, I start Ultra VNC viewer on PC B and connect it to

    > '::5900'.
    >> Now, I'm getting the following connection error: "Connection failed -

    > Error
    >> reading Protocol Version".
    >> I have tried Putty 0.58 and 0.60. Using both versions gives the same

    > error
    >> message in Ultra VNC.
    >>
    >> I have no problems connecting directly from PC B to PC A ('::
    >> 5900').
    >>
    >> To make sure it isn't an Ultra VNC problem, I set up the same tunnels

    > (but
    >> using port 23 instead of 5900) and then used telnet to connect from

    > one host
    >> to the running telnet server on the other host.
    >> The screen goes black (dosprompt under Windows XP) until I press a

    > key,
    >> then I get back my prompt. Nothing happens.
    >> I also used Wireshark (network sniffer) on the server side and no

    > packets were
    >> captured (not even in promiscious mode).
    >>
    >> Is my set-up technically possible? So should I be able to set up those

    > tunnels
    >> as a kind of 'pass-through' mechanism?
    >>
    >> Does anyone have a clue about what I'm doing wrong or forgot to do?
    >>
    >> Kind regards,
    >> Rik.
    >> __________________________________________________ _______________
    >> Express yourself instantly with MSN Messenger! Download today it's

    > FREE!
    >> http://messenger.msn.click-url.com/g...ave/direct/01/


    __________________________________________________ _______________
    Express yourself instantly with MSN Messenger! Download today it's FREE!
    http://messenger.msn.click-url.com/g...ave/direct/01/

+ Reply to Thread